Key Soft Skills in Cybersecurity

By Scott Bowman, Career Services Manager at SecureSet Denver.

You’ve probably heard about the cybersecurity talent gap by now. Companies are having a hard time filling their open cybersecurity positions which is forcing them to get creative in how they recruit and evaluate applicants. However, based on conversations I have had and the experience of placing hundreds of career changers into these IT/cybersecurity roles, I know this is not always due to a lack of talent.

Yes, there is HUGE dissonance between hiring manager expectations and the applicant pool with which human resources is provided. I have heard both sides. Hiring managers are limited by their capacity to train and onboard new talent, yet they want to fill their open seats and scale teams accordingly. There are usually other forces limiting their hiring budget. Everyone asks for a “swiss army knife” with 10+ years of experience that will work for $20–30 per hour and 60+ hours per week. It is incredibly unlikely that they will find this person. Instead, cybersecurity hiring has become a slow trickle of talent as they work to balance training capacity, budget, and day-to-day workload.

Cybersecurity in most companies is a measure to reduce risk in various areas of business and technical operations. Security as a service is still an emerging trend and is only recently a viable business model. Few of these companies are fully mature and still rely on a lot of effort from a few people.

Companies that rely solely on technical skills, education, and experience requirements are bound to be disappointed. Usually employers come to SecureSet when they realize their hiring campaign is not working. Many do a poor job of properly educating the applicant where his or her full-range of skills are best valued in a team. This means a lot of roles (and titles) are so new that perfectly viable candidates may not even find them.

From the hiring manager’s perspective, companies who should ideally have 30–50 people in their security teams may be hovering around 5–10 people doing the work of that respective number of people. There just is not enough funding for security. So where is the compromise?

The true middle ground in security talent and hiring is finding candidates with risk mitigating factors. Risk here refers to the dozens of variables that prevent you as a candidate from being an effective, trainable, manageable, happy, or affordable employee.

To reduce as much risk as possible to an employer considering them as a candidate, SecureSet students get creative in using their prior experience and “soft skills” to fill unique niches within each company and make themselves as versatile as possible. Soft skills and culture-matching reduce risk. In addition to the hands-on, lab and capstone-based training our students receive, career changers who leverage the following soft skills are mostly likely to stand out from the talent pool and be effective from day one.

Key needs:

• Customer Success — Skills that show you can successfully identify needs and follow-through with an appropriate solution. In what ways have you contributed to customer service in the past?
• Communication / Active Listening — Written and verbal communication with management/stakeholders is a daily activity and expectation. Listening/following directions is just as important.
• Presentation skills — Presenting/defending a complex concept in layman’s terms. As a security analyst, you may be expected to deliver presentations to groups of stakeholders and executives.
• Management skills — Managing time, people, assets, projects, etc is a regular part of the job.
• Problem solving ability — You background lends a unique skillset to the team’s ability to solve new problems… How? It’s important to be able to establish and/or follow a procedure for troubleshooting.
• Persuasion / Influence / Charisma — The ability to convince others your viewpoint has value. Can you show evidence of this over time? Think sales/management experience and gaining increased responsibility throughout your career.
• Loyalty — What aspects of the job will keep you around? Employers are looking for people who will lend long-term stability to their workforce.
• Humility — Are you able to admit when you’re wrong? are you capable of asking for help?
• Sense of Humor — Are you a person who can make others laugh at appropriate times. This is a good sign of your resiliency and ability to work with others.
• Independence — Can you work on your own as demonstrated by past experience?
• Team leadership — What kind of leader are you? How do you interact with others on your team?
• Logical reasoning — Can you solve a problem using known logic and/or follow a methodology for interpreting new problems?
• Philosophy / Frameworks — Cybersecurity is full of professional organizations and regulatory bodies that inform and standardize methods for solving problems in their industry. Are you knowledgeable of a key framework, compliance, and/or industrial controls? Ex: Lockheed Martin Kill Chain, OSI Model, PCI-DSS, OWASP Top 10, MITRE ATT&CK, HIPAA, FedRamp, SOX, etc”
• Creativity — People who exercise creativity in problem solving are able to diversify team problem solving methods.
• Research — Following a procedure of uncovering and documenting new information. Have you written articles, publications, or performed research in another discipline? Do you have a “home lab” where you can test out new skills
• Learning capacity — Security professionals are expecting to read up on trends and vulnerabilities so they can quickly adapt and apply skills gained in new contexts. What have you done to prove your capacity to learn the tools and procedures expected of you? SecureSet is the perfect place to show what you can do.

Scott Bowman is Career Services Manager for the Denver campus and brings over 8 years of experience coaching professionals in career transition in both higher education and human services, across the country. Originally from Wisconsin, he achieved a Masters in Higher Education Leadership from the University of Colorado. Scott is passionate about the great outdoors, as well as supporting students and facilitating valuable relationships with pillars of the cybersecurity industry.